• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 214
  • Last Modified:

Modify my password script

I'm using a password script that I got here on EE last year. A copy of it is posted in the dir http://www.fishhead.com/scripts/password/ as "index-cgi.txt. The way it works now is I put the index.cgi in the directory I want to protect. The source code for the hidden page is in my cgi-bin. If the user enters the correct password, the hidden page is presented. If the wrong password is entered they get an error.html page which is also in my cgi-bin. The script records the invalid passwords in a log file.

What I want to change is for the invalid entries to be shown in the error.html page so the user can actually see their input. That way they know if they just made a simple typo and can try again. Something along the lines of:

The password \"$theinput\" you have entered is invalid.

I also want to add the date of the invalid attempt to the log file. I want to modify the entry line to read something like:

On (the-date)($ENV{REMOTE_HOST) tried to get by the script.

0
Gary040897
Asked:
Gary040897
  • 4
  • 2
1 Solution
 
thoellriCommented:
Gary,

change this line:

print LOG "$ENV{REMOTE_HOST} tried to get by the script.\n";

to:

print LOG "On ".scalar(localtime)."$ENV{REMOTE_HOST} tried to get by the script.\n";

to get the date into the log.

And for the second question to display the  wrong password in the error file:
1.) Edit your error.html-file
2.) Add this line (exactly like this) to the file:
The password \"$theinput\" you have entered is invalid.
3.) Modify the loop at the bottom to read:
while(<FUNC>) {
   s/\$(\w+)/${$1}/g;
   print $_;
}

This allows you to embed variable names into the html-page which will be interpolated while the document is printed to the browser. In your case the "$theinput" will be replaced the value, which is the bad password.

Hope this helps
  Tobias
0
 
thoellriCommented:
Sorry,

Step 3 has to be:

3.) Modify the loop at the bottom to read:
      while(<ErrorPage>) {
         s/\$(\w+)/${$1}/g;
         print $_;
      }

Tobias
0
 
Gary040897Author Commented:
In my example I thought I would need the "\" in \"$theinput\" but I don't need it in a html file apparently. After I remove them it looked like what I expected. Is there more definitive information on my user than $ENV{REMOTE_HOST}?
0
Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

 
thoellriCommented:
Gary,

all you can get is $ENV{REMOTE_HOST} (or $ENV{REMOTE_ADDR} for the IP-address, depends on how the server is setup). $ENV{HTTP_USER_AGENT} tells you about the browser and platform the user has.

Sorry
  Tobias

0
 
Gary040897Author Commented:
That's what I thought. If you will give a proposed answer I will close this question out now. Thank you!
0
 
thoellriCommented:
Gary,

thanks - here is the fixed repost of my first comment.

Tobias



      Change this line:

      print LOG "$ENV{REMOTE_HOST} tried to get by the script.\n";

      to:

      print LOG "On ".scalar(localtime)."$ENV{REMOTE_HOST} tried to get by the script.\n";

      to get the date into the log.

      And for the second question to display the  wrong password in the error file:
      1.) Edit your error.html-file
      2.) Add this line (exactly like this) to the file:
      The password \"$theinput\" you have entered is invalid.
      3.) Modify the loop at the bottom to read:
      while(<ErrorPage>) {
               s/\$(\w+)/${$1}/g;
               print $_;
            }

This allows you to embed variable names into the html-page which will be interpolated while the document is printed to the browser. In your case the "$theinput" will be replaced the value, which is the bad password.

      Hope this helps
        Tobias
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now